Download a file over an active SSH session

I want to download a file from an active SSH session. In many cases I probably could just use SFTP, scp, rsync et al but there are times where I have elevated permissions on the remote server in a way I cannot use these methods.

If you're struggling to understand what I mean, imagine that you wanted to download something from /root/ or /var/log/auth.log. Root login is disabled (because we're not idiots). How do you get that file? Copy it out somewhere less protected and then move it? This is clunky. There are also scenarios where the remote path is complex or temporary, or isn't even a path because I want the output of a remote command stored locally. Store remotely, then copy? Clunk!

There are several more clunky ways to achieve versions of these but in an ideal world, I would have something akin to local write access from the remote server, using the existing SSH session as a conduit. Something like (this is just an artist's impression):

$oli@remote: cp /root/cheesecake /local/

And it just appears in my local cwd. And bidirectional access wouldn't be a bad thing.


It's been eight long years since I asked this question and we've seen a real range of clunk, but it remains a problem that I still struggle with occasionally.

I've refactored the question into something a lot more idealistic. I fully understand that there may not currently be a perfect answer. All past and future efforts towards my ideal are appreciated.


You may want to check out zssh, which is available in universe, and therefore available with

sudo apt-get install zssh

You need it on your Ubuntu server and on your client, but basically when logged in with zssh, you just hit 'ctrl-@' and it brings up the "File transfer mode" which allows you to send files back down the pipe to your client machine, or upload them from client to server.

However, you don't have to re-auth or open a new window to scp.

If you're using ssh keys, and an ssh agent, you can quite easily do:

[enter]~[ctrl]-Z

Which will background ssh, and then just scp $!:/whatever/whatever .

Once the file is transferred, fg to get ssh back.

If you aren't using ssh keys, you can still use the "ControlMaster" and "ControlPath" options added to recent OpenSSH versions, but that gets tricky; check man ssh_config.


Assuming you're running an ssh server on your desktop (there are ways around this, but I think they all add complexity, and possibly have security problems), you can set up a reverse ssh tunnel. See "SSH easily copy file to local system" over at unix.SE.

  • Type Enter ~C Enter -R 22042:localhost:22 Enter to create a reverse port forwarding from your server to your desktop (22042 can be any port number between 1024 and 65534 that's not in use).
  • Then scp -P 22042 foo localhost: will copy the file foo in your current directory on the server to your home on the desktop.
  • Now move the file into your current directory on the desktop by typing Enter ~ Ctrl+Z mv ~/foo . Enter fg Enter.

Ssh escape sequences begin with ~; the tilde is only recognized after a newline. ~ Ctrl+Z puts ssh into the background. ~C enters a command line where you can create or remove a forwarding.


I came up with a way to do this with standard ssh. It's a script that duplicates the current ssh connection, finds your working directory on the remote machine and copies back the file you specify to the local machine. It needs 2 very small scripts (1 remote, 1 local) and 2 lines in your ssh config. The steps are as follows:

  1. Add these 2 lines to your ~/.ssh/config:

    ControlMaster auto
    ControlPath ~/.ssh/socket-%r@%h:%p
    

    Now if you have an ssh connection to machineX open, you won't need passwords to open another one.

  2. Make a 1-line script on the remote machine called ~/.grabCat.sh

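    #!/bin/bash
    # Print the named file from the working directory of the last-listed bash process owned by this user.
    cat -- "$(pwdx $(pgrep -u "$(whoami)" bash) | grep -o '/.*' | tail -n 1)/$1"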
    
  3. Make a script on the local machine called ~/.grab.sh

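    #!/bin/bash
    # Usage: grab host filename [local_dir]
    [ -n "$3" ] && dir="$3" || dir="."
    # Quote the file name for the remote shell and call the helper by its full path.
    ssh "$1" "~/.grabCat.sh $(printf '%q' "$2")" > "$dir/$2"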
    
  4. and make an alias for grab.sh in (~/.bashrc or wherever):

    alias grab=~/.grab.sh
    

That's it, all done. Now if you're logged in to machineX:/some/directory, just fire up a new terminal and type

grab machineX filename

That puts the file in your current working directory on the local machine. You can specify a different location as a third argument to "grab".

Note: Obviously both scripts must be "executable", i.e. chmod u+x filename.
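
A hardened variant of the local grab helper described in the steps above, as an added example that is not the answerer's code: it only runs when a ControlMaster session is already open, quotes the file name for the remote shell, and keeps the local copy inside the chosen directory. The function names are hypothetical, and the remote helper is assumed to live at `~/.grabCat.sh` as in step 2.

```shell
#!/bin/sh
# Added example: safer "grab" over an existing ControlMaster connection.

# Quote a string so the remote POSIX shell sees it as exactly one word.
remote_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Reduce a remote path to a bare file name for local use;
# reject empty names, "." and ".." so nothing is written outside DIR.
local_name() {
    name=${1##*/}
    case $name in
        ''|.|..) return 1 ;;
    esac
    printf '%s' "$name"
}

# Build the command line handed to the remote shell (helper path is an assumption).
remote_command() {
    printf '%s %s' '~/.grabCat.sh' "$(remote_quote "$1")"
}

# grab HOST FILE [DIR]
grab() {
    host=$1 file=$2 dir=${3:-.}
    out=$(local_name "$file") || { echo "grab: bad file name" >&2; return 2; }
    # "-O check" asks the master process behind ControlPath whether it is alive,
    # so no fresh login is attempted when the interactive session is gone.
    ssh -O check "$host" 2>/dev/null ||
        { echo "grab: no open session to $host" >&2; return 3; }
    # Stream into a temporary name and rename only on success, so a failed
    # transfer never leaves a truncated file under the final name.
    if ssh "$host" "$(remote_command "$file")" > "$dir/$out.part"; then
        mv -- "$dir/$out.part" "$dir/$out"
    else
        rm -f -- "$dir/$out.part"
        return 1
    fi
}
```

Source the file from `~/.bashrc` (or wherever) and call `grab machineX filename` from a second local terminal, exactly as with the alias above.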


Say your client machine (the machine you are sitting at) is called machineA and the machine you are currently SSH'ed into is called machineB. MachineA, your local machine, must have SSHD running and port 22 open. Then:

scp myfile machineA:

Copies myfile on MachineB to my MachineA home directory on machineA. This assumes userid/password are the same.

scp myfile machineA:/newdir/newname

Copies myfile on MachineB to /newdir/newname on machineA. This assumes userid/password are the same.

scp MachineA:/path/to/my/otherfile . 

Gets a copy of otherfile from my MachineA directory on MachineA and puts it in my current working directory on the MachineB machine (designated in standard UNIX fashion by the "dot" (.) character). This assumes userid/password are the same.

If the userid/password are not the same then use:

scp myfile user@MachineA: to get file.

scp user@MachineA:/path/to/my/otherfile . to put files

NOTES about SCP:

Just like the cp command, scp has a -p option to propagate the permission settings of the original file to the copy (otherwise the copy is made with the normal settings for new files), and a -r option to copy an entire directory tree with one command.

scp creates a completely transparent encrypted data channel between the two machines, so binary data (such as images or executable programs) is preserved correctly. This also means that scp is unable to perform automatic end-of-line termination conversion between different types of operating systems, as can be done with ftp in "ascii" mode. That will not be a problem when copying between Unix systems, which all use the same end-of-line convention.


If you access the server via ssh, you get the ability to connect via sftp as well. Keep the FileZilla client (GUI) handy and paste the path you are currently on.
